We had a report earlier today about problems with non-malicious PDF files getting flagged by the Symantec AntiVirus 10 and Symantec Endpoint Protection 11 products. The March 26, 2007 rev 7 definitions appear to be the cause of the issue. The PDF files were getting flagged as Bloodhound.PDF.6 based on hueristics detection.

In addition to the "pwn2own" vulnerability used at CanSecWest last week in order to compromise a system with the Firefox web browser, a new vunerability has been published which involves XSL Transforms. This vulnerability impacts both the latest Firefox 3.0.7 and Seamonkey 1.1.15 browsers.

Mozilla is working on updates for both packages and they expect the updated versions to be released by April 1 (and no, this is not an early April Fools joke).

A proof-of-concept exploit for the XSL Transform vulnerability has been released. If the attack succeeds, arbitrary code can be run in the context of the browser. If the attack fails, a DoS condition is likely for the browser.

We've had a few reports so far where people receive an SMS which asks them to check out a particular URL, which predictably contains something extra.

Currently the reports are from the UK and Germany.

The text of the SMS is typically along these lines " Someone posted your full personal and banking information at insert-bad-url-here website you must remove it now". The text does vary slightly in some of the samples seen.

The url typically has some badness in the form of a trojan. This particular one, which Holger alerted us to (thanks), contained a trojan called Ambler.

So keep an eye on your VoIP systems and some user education is probably also not a bad idea.